Merge 1.15.10 #578

Merged
merged 1 commit into from
Oct 16, 2024

antonipp
Collaborator

DD changes:

  • Updated image references in .gitlab-ci.yml

@antonipp antonipp had a problem deploying to release-base-images October 16, 2024 16:04 — with GitHub Actions Failure
- ft/v1.15/**

# If the cache was cleaned we should re-build the cache with the latest commit
workflow_run:
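Review bot: the trigger on the last line is `workflow_run:`, which runs from the default branch with access to repository secrets even when the run that triggered it had none. The jobs under this trigger are not visible here, so the thing to confirm is that none of them checks out or executes `github.event.workflow_run.head_sha` or `head_branch`; if one has to, treat that checkout as untrusted input and keep secrets out of that job.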


🟠 Code Vulnerability

Dangerous GitHub actions trigger

Workflows triggered by the pull_request_target trigger can read secrets and edit code in the repository that the PR is targeting. This is a dangerous trigger that must be used with caution. For security reasons, GitHub runs these workflows using the code from the base branch, rather than the code from the PR.

If you use this trigger, you must not check out the code of the PR; otherwise anyone can simply write malicious code and get it to run in a context that has access to your secrets, in addition to write access to the repository.

This type of attack is sometimes referred to as “pwn request”.

Note that if you use the "workflow_call" trigger, your workflow is callable by other workflows, so possibly by a workflow using the pull_request_target trigger.


- v1.15

# If the cache was cleaned we should re-build the cache with the latest commit
workflow_run:
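Review bot: the comment above `workflow_run:` says the cache is rebuilt "with the latest commit" but not which ref that means. With this trigger the default checkout is the head of the default branch rather than the commit of the run that completed, so naming the intended ref in the comment would make it clear whether code from the triggering run is ever built here.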


🟠 Code Vulnerability

Dangerous GitHub actions trigger

Workflows triggered by the pull_request_target trigger can read secrets and edit code in the repository that the PR is targeting. This is a dangerous trigger that must be used with caution. For security reasons, GitHub runs these workflows using the code from the base branch, rather than the code from the PR.

If you use this trigger, you must not check out the code of the PR; otherwise anyone can simply write malicious code and get it to run in a context that has access to your secrets, in addition to write access to the repository.

This type of attack is sometimes referred to as “pwn request”.

Note that if you use the "workflow_call" trigger, your workflow is callable by other workflows, so possibly by a workflow using the pull_request_target trigger.
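A minimal static check for the pattern the finding describes, added here as an example (not code from this PR, the repository, or the analyzer that posted the comment): it flags a workflow only when a privileged trigger and an `actions/checkout` of a PR-supplied or run-supplied ref occur together. The function names, the line-based YAML heuristics and the sample workflow are assumptions made for illustration.

```python
import re

# Triggers that run with the base repository's secrets and write token.
PRIVILEGED = ("pull_request_target", "workflow_run", "workflow_call")
# Expressions that resolve to a ref chosen by the PR author or triggering run.
UNTRUSTED_REF = re.compile(r"github\.(head_ref|event\.pull_request\.head\.(sha|ref)"
                           r"|event\.workflow_run\.head_(sha|branch))")

def _code(line):  # drop YAML comments (heuristic: assumes no " #" inside strings)
    return "" if line.lstrip().startswith("#") else line.split(" #", 1)[0].rstrip()

def privileged_triggers(text):
    """Privileged triggers listed under the top-level `on:` key."""
    found, in_on = [], False
    for line in filter(None, map(_code, text.splitlines())):
        if not line[0].isspace():        # top-level key: does it open `on:`?
            in_on = bool(re.match(r"""["']?on["']?\s*:""", line))
        if in_on:
            found += [t for t in PRIVILEGED
                      if t not in found and re.search(rf"\b{t}\b", line)]
    return found

def untrusted_checkouts(text):
    """1-based line numbers where actions/checkout is given an untrusted ref."""
    hits, in_checkout = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = _code(raw).strip()
        if line.startswith("- ") or "actions/checkout@" in line:
            in_checkout = "actions/checkout@" in line   # new step, or its `uses:`
        elif in_checkout and line.startswith("ref:") and UNTRUSTED_REF.search(line):
            hits.append(n)
    return hits

def scan(text):
    triggers = privileged_triggers(text)
    lines = untrusted_checkouts(text) if triggers else []
    return {"triggers": triggers, "checkout_lines": lines, "risky": bool(lines)}

# Constructed sample workflow, not taken from the repository in this PR.
RISKY = """on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""
```

Calling `scan(RISKY)` reports the trigger and the line of the offending `ref:`; the same workflow with the ref changed to `github.sha`, or with the unprivileged `pull_request` trigger, is not flagged.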


Member

@jaredledvina jaredledvina left a comment


👍 LGTM

@antonipp antonipp merged commit 638efba into v1.15-dd Oct 16, 2024
32 of 40 checks passed
@antonipp antonipp deleted the ai/1-15-10 branch October 16, 2024 16:14